News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Douglas Schweitzer's picture
Douglas Schweitzer

The Security Sector

More posts | Read bio

March 27, 2006 - 7:20 A.M.

The balanced security approach

4 comments

Some people believe that if a little security is good, a lot of security must be better. The truth is you can have too much of a good thing, as "excess" security can slow your users down. Manufacturers help fuel the desire for superfluous security by continually coming up with new products to help combat the likes of viruses, spyware and hackers. Too little protection puts the data at risk; too much protection is costly and may affect data and system availability. The key lies in determining the level of risk your systems face so that your security team can put in place a balanced security mix that will effectively meet your organization's needs. Highly restrictive controls are usually not eagerly tolerated by an organization - neither by its users nor its managers - and they’re either rejected outright or bypassed. By choosing your security arsenal wisely, you can attain a high degree of security without worrying about going overboard.

What People Are Saying

Add new comment

Doug and Chris, Okay, I

Submitted by OHVA, Inc. on April 4, 2006 - 6:39 A.M.

Doug and Chris,

Okay, I stand corrected, however, "Not too much or not too little" authentication security for accessing your online bank account is quickly becoming a smaller range of security choices based on what’s available today and those choices are solutions approaching the highest security levels available for online banking.

I am the guy who has to walk into your Bank and tell them what it will take to properly protect you when accessing your online bank account from what just happened in Europe and Florida.

Hacker's have shown that Software alone is no longer strong enough to offer proper accessing security. We have reached the point that Hardware must be brought into the Online Banking security arena. I agree, it can not be expensive and must be as user friendly as possible. If I do not advise your Bank to implement a solution that includes hardware, I'd be putting you and all the other Bank Members at risk of being hacked.

I'll agree that Biometrics is an over kill for protecting online bank accounts. Personally, I do not like Biometrics because it is expensive and depending on the level of sophistication, it can be forged.

I previously mentioned a Smart Card or Token but companies could also develop software, which we will release shortly, that converts your PC into a “virtual token” and therefore uses your computer as the hardware or something you physically have. Those who have tried this have run into not being able to offer the users total secure portability.

Report this comment

I could not have said it

Submitted by Doug Schweitzer on April 2, 2006 - 8:16 A.M.

I could not have said it better myself, Chris!

Report this comment

Too little security is NEVER

Submitted by OHVA, Inc. on March 31, 2006 - 11:24 P.M.

Too little security is NEVER a good thing! High level security is not expensive either. Smart Chip Technology is the proper way to keep your online banking members accounts secure. No matter what personal info we might be tricked into giving out, a Hacker can not enter our online bank account without our hardware Token or Smartcard. Here is how simple the OHVA OnhandID Token is to operate. Plug it into any PC microphone jack, then type in your password and push the button on the Token. You've just entered your online account securely. How much is such a Token? Under $5 and it's only a one time charge. That is high level security and inexpensive. Without that Token present, you can not gain access into your account. If you lose the Token and a Hacker finds it, there is no personal information carried in the Token, so it becomes useless, plus the Hacker does not know your personal Password, only you know that.

With todays more advanced Phishing and especially Keylogging exploits, having too little security is a big risk. I sure don't mind carrying a Smart Token on my key chain to access my online bank account securely and I don't believe anyone else minds either. The Banks just don't want to pay $25 per Token renewable every 3 years and then give them away for free. I don't blame them but no one should ever tell us that too much security is a bad thing. That's just WRONG!

Report this comment

Too much security is,

Submitted by Chris Shipp on April 2, 2006 - 12:18 A.M.

Too much security is, indeed, a bad thing. The level of security that is implemented in any system must be commensurate with the level of risk and criticality of the system. For example, I do not maintain an armed personnel force, cypher locks or a titanium vault to protect my home. While these security measures may be quite necessary in some environments, the level of risk to my home and the assets that it contains simply do not warrant that level of security. In fact, such security measures would be unnecessarily costly and may inhibit normal activities at my home. Besides, Brutus, my 80 pound boxer, seems to be doing a fine job.

On the other hand, it certainly seems that more sophisticated and reliable mutual authentication techniques are necessary. In particular, simply typing the URL of a banking institution rather than clicking on a link is certainly not fool-proof, as proven by the recent hack in Florida. Furthermore, the use of passwords alone to access protected information such as the financial data that is accessed while banking online is antiquated and simply not as effective as it needs to be.

Cyber criminals are becoming increasingly sophisticated and security must keep pace. The challenge for security professionals and companies is to develop innovative, effective solutions that are cost-effective and require the least amount of inconvenience to end-users. In doing so, we can provide just the right amount of security -- not too much and not too little.

Report this comment

Related Posts

Spam culture, part 3: Nigeria (and 419 scams)
Los Angeles goes Google; dumps GroupWise; shuns Microsoft; ignores IBM
Your next stop ... the Password Zone
Latest threat vector: Our mobile devices

Today's Top Stories

Droid launch draws tech-savvy crowd
AMD graphics chip shortage hits PC vendors
Mozilla fixes Firefox crash bug
Update fixes iPhone sync problem with Windows 7 for some
First take: Apple's new MacBook offers sleek style, solid performance
Elpida inks DRAM tech, outsourcing deal with Taiwan's ProMOS
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.